Vulnerability Development mailing list archives
Re: Possible IDS-evasion technique
From: Burak DAYIOGLU <dayioglu () metu edu tr>
Date: Wed, 27 Feb 2002 12:41:19 +0200
Vadim Berezniker wrote:
Try sending HTTP/239.73, and Apache (and probably others) will still respond.I believe they just respond to it as if it was a 1.1 request. I don't know what it does when you specify something like 0.1
This, one again, shows that keeping applications/systems and NIDS's in sync is a difficult and almost impossible. A perfect NIDS does not only have to know the -correct- protocol behavior but also the -broken but popular- behaviors as well.
-- Burak DAYIOGLU Phone: +90 312 2103379 Fax: +90 312 2103333 http://www.dayioglu.net ICQ UIN: 72276975
Current thread:
- Possible IDS-evasion technique Alla Bezroutchko (Feb 15)
- <Possible follow-ups>
- RE: Possible IDS-evasion technique Gary Golomb (Feb 15)
- Re: Possible IDS-evasion technique Sullo sq (Feb 15)
- Re: Possible IDS-evasion technique Vadim Berezniker (Feb 16)
- Re: Possible IDS-evasion technique Burak DAYIOGLU (Feb 27)
- Re: Possible IDS-evasion technique Vadim Berezniker (Feb 16)